Recently I stumbled into a problem with my wireless cisco controller. How can you switch off/on the wireless (SSID) on demand without having to login to the device each time? There are many solutions available to tackle the “broadcast” issue of the SSID but not actually disabling it! For example you can configure time-based access control lists (ACLs) with use of time ranges. Time-based ACLs help you to make sure that users are able to access the wireless network within a particular time period, for example, 01:00 a.m. to 07:00 p.m. (0100 to 0700). The use of time-based ACLs does not shut down the AP or radio. It just stops passing of traffic on the AP so that users cannot access the network. For more information you can check the cisco configuration page (this only works on Cisco IOS Software-based AP). Alternatively, if you own a WCS then you could push a template to specified time from WCS to WLC to automatically disable/enable particular WLAN (guide here).
So what is the solution if you just own a WLC and a Cisco Aironet Access Point? Python to the rescue!!! I have attached a script which can be used with a cron job to disable/enable a specific wireless network (SSID). At the moment it works only via telnet (the SSH library has too many dependancies) and the credentials of the wireless admin user need to be saved on the “configs.ini”
wlc_ipaddr = <Ip of the Wireless Controller>
wlc_user = <username>
wlc_pasw = <password>
wlanId = 1,2,3,4,5,6
;separate WLANS with ","
For this to work you will need to have python installed and wlclib library should be installed under python/lib. Two scripts (disable.py and enable.py) can be called by adding two lines on the crontab (example of the disable.py script below)
from wlclib import *
config = ConfigParser.RawConfigParser()
configfile = "configs.ini"
Controller = Wlc(wlc_ipaddr, username=wlc_user, password=wlc_pasw)
logs.append("connecting to %s" % wlc_ipaddr)
wlc_session = wlclogin(Controller.username, Controller.password, Controller.ipaddr)
for id in WLANs:
command='config wlan disable %s' %id
The script can be found here. Content of the script below
Credits to Cisco TAC!
Having issues with the script? Leave a comment below